Primary

Context

ManageEngine Exchange Reporter Plus Stored Cross-Site Scripting Vulnerability

Vulnerability

Patched

A stored cross-site scripting vulnerability has been identified in ManageEngine Exchange Reporter Plus, affecting versions prior to 5802. The issue resides in the Public Folder Client Permissions report, where an authenticated attacker with Exchange administrative privileges could inject and execute malicious scripts. Exploitation of this vulnerability would allow the attacker to perform actions within Exchange Reporter Plus based on the privileges of the user who accesses the compromised report.

Impact

Exploitation could enable an attacker to inject and execute scripts, potentially leading to unauthorized actions within Exchange Reporter Plus, depending on the privileges of the user accessing the affected report.

Remediation

Users can update to Exchange Reporter Plus version 5802 or later. Instructions for downloading the latest version are available on the ManageEngine Exchange Reporter Plus website.

Added: Apr 3, 2026, 12:19 PM

Updated: Apr 3, 2026, 12:19 PM

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

5.4

exploitability

2.8

remediation

7.7

relevance

5.2

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

5.4

exploitability

2.8

remediation

7.7

relevance

5.2

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

ManageEngine Exchange Reporter Plus Stored Cross-Site Scripting Vulnerability

Vulnerability

Impact

Remediation

Affected Products

ManageEngine Exchange Reporter Plus

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating